Standard Privacy Report

What’s an SPR?

The standard privacy report (SPR) displays all the privacy practices in a product's policies in a consistent easy-to-read outline that can be compared to other products. The SPR indicates whether or not a product's policies disclose that they engage in each particular privacy practice and displays an alert icon when users should further investigate particular details prior to use. This alert icon indicates that the particular practice is risky or unclear.

Basic and Full Evaluations

There are two types of privacy evaluations: Basic evaluations and full evaluations. Both type of evaluations have the same rating icons and use the same Privacy Ratings. Basic evaluations are a 34-point inspection of the most important privacy and security Basic Evaluation Questions about a product. Full evaluations are a 156-point inspection of all the comprehensive privacy and security Full Evaluation Questions about a product. Basic evaluations answer the most critical privacy and security questions about a product to determine an overall score, concern scores, and which rating they belong to in order to allow parents, teachers, schools, and districts to make an informed decision about whether to use the product. Basic evaluations do not answer all the questions of a full 156-point inspection evaluation of a product, but still display an overall score and concern scores based on answers to the Basic Questions. Basic evaluations can still be easily compared to basic or full evaluations because they share the same Evaluation Scores, Evaluation Concerns, Privacy Ratings, and a subset of the Standard Privacy Report.

How Should We Use the SPR?

The SPR displays all of the findings from our full 156-question evaluation framework. The SPR also includes all the basic evaluation questions and is available for both a basic and full evaluation of a product. The SPR does not summarize a full evaluation, but rather provides answer statements to all of the full evaluation questions as well as all of the basic evaluation questions for easier comparison between products.

What Questions Does the SPR Cover?

The SPR is comprised of all the privacy evaluation questions with answers about the privacy and security practices of a product's privacy policies. You have several options for navigating these questions, and learning more about data privacy. You can view all of the SPR questions below with each of their possible answers that include: "does" engage in the practice, "does not" engage in the practice, is "transparent" or "non-transparent" about the practice, and "unanswered" because we did not evaluate that question. In addition, you can navigate all the privacy evaluation questions which include additional background information and relevant citations to help you understand each possible answer in the SPR. Lastly, evaluation questions below that are Basic Evaluation Questions are designated (BASIC).

1: Transparency

1.1: Policy Version

1.1.1: Effective Date (BASIC)

Do the policies clearly indicate the version or effective date of the policies?

  • Statements
    • Unanswered: Did not evaluate whether privacy policies do indicate a version or effective date.
    • Non-Transparent: Privacy policies do not indicate a version or effective date.
    • Transparent: Privacy policies do indicate a version or effective date.

1.1.2: Change Log

Do the policies clearly indicate a changelog or past policy versions available are for review?

  • Statements
    • Unanswered: Did not evaluate whether privacy policies indicate a changelog or past policy version is available.
    • Non-Transparent: Privacy policies do not indicate a changelog or past policy version is available.
    • Transparent: Privacy policies indicate a changelog or past policy version is available.

1.2: Policy Notice

1.2.1: Change Notice

Do the policies clearly indicate whether or not a user is notified if there are any material changes to the policies?

  • Statements
    • Unanswered: Did not evaluate whether users are notified if there are any material changes to the policies.
    • Non-Transparent: Unclear whether users are notified if there are any material changes to the policies.
    • Does: Users are notified if there are any material changes to the policies.
    • Does Not: Users are not notified if there are any material changes to the policies.

1.2.2: Method Notice

Do the policies clearly indicate the method used to notify a user when policies are updated or materially change?

  • Statements
    • Unanswered: Did not evaluate whether privacy policies indicate the method used to notify a user when policies are updated.
    • Non-Transparent: Privacy policies do not indicate the method used to notify a user when policies are updated.
    • Transparent: Privacy policies indicate the method used to notify a user when policies are updated.

1.3: Policy Changes

1.3.1: Review Changes

Do the policies clearly indicate whether or not any updates or material changes to the policies will be accessible for review by a user prior to the new changes being effective?

  • Statements
    • Unanswered: Did not evaluate whether users are notified prior to any material changes to the policies.
    • Non-Transparent: Unclear whether users are notified prior to any material changes to the policies.
    • Does: Users are notified prior to any material changes to the policies.
    • Does Not: Users are not notified prior to any material changes to the policies.

1.3.2: Effective Changes

Do the policies clearly indicate whether or not any updates or material changes to the policies are effective immediately and continued use of the product indicates consent?

  • Statements
    • Unanswered: Did not evaluate whether changes to the policies are effective immediately and continued use of the product indicates consent.
    • Non-Transparent: Unclear whether changes to the policies are effective immediately and continued use of the product indicates consent.
    • Does: Changes to the policies are effective immediately and continued use of the product indicates consent.
    • Does Not: Changes to the policies are not effective immediately and continued use of the product requires additional consent.

1.4: Policy Coverage

1.4.1: Services Include

Do the policies clearly indicate the products that are covered by the policies?

  • Statements
    • Unanswered: Did not evaluate whether privacy policies indicate the products that are covered by the policies.
    • Non-Transparent: Privacy policies do not indicate the products that are covered by the policies.
    • Transparent: Privacy policies indicate the products that are covered by the policies.

1.5: Policy Contact

1.5.1: Vendor Contact

Do the policies clearly indicate whether or not a user can contact the vendor about any privacy policy questions, complaints, and material changes to the policies?

  • Statements
    • Unanswered: Did not evaluate whether users can contact the vendor about any privacy policy questions, complaints, or material changes to the policies.
    • Non-Transparent: Unclear whether users cannot contact the vendor about any privacy policy questions, complaints, or material changes to the policies.
    • Does: Users cannot contact the vendor about any privacy policy questions, complaints, or material changes to the policies.
    • Does Not: Users can contact the vendor about any privacy policy questions, complaints, or material changes to the policies.

1.6: Policy Principles

1.6.1: Quick Reference

Do the policies clearly indicate the vendor's privacy principles by short explanations, layered notices, a table of contents, or outlined privacy principles of the vendor?

  • Statements
    • Unanswered: Did not evaluate whether privacy policies indicate any privacy principles, layered notices, or a table of contents.
    • Non-Transparent: Privacy policies do not indicate any privacy principles, layered notices, or a table of contents.
    • Transparent: Privacy policies do indicate any privacy principles, layered notices, or a table of contents.

1.7: Policy Language

1.7.1: Preferred Language

Do the policies clearly indicate they are available in any language(s) other than English?

  • Statements
    • Unanswered: Did not evaluate whether privacy policies are available in multiple languages.
    • Non-Transparent: Privacy policies are not available in multiple languages.
    • Transparent: Privacy policies are available in multiple languages.

1.8: Intended Use

1.8.1: Children Intended (BASIC)

Do the policies clearly indicate whether or not the product is intended to be used by children under the age of 13?

  • Statements
    • Unanswered: Did not evaluate whether intended for children under 13.
    • Non-Transparent: Unclear whether intended for children under 13.
    • Does: Intended for children under 13.
    • Does Not: Not intended for children under 13.

1.8.2: Teens Intended

Do the policies clearly indicate whether or not the product is intended to be used by teens 13 to 18 years of age?

  • Statements
    • Unanswered: Did not evaluate whether intended for teens.
    • Non-Transparent: Unclear whether intended for teens.
    • Does: Intended for teens.
    • Does Not: Not intended for teens.

1.8.3: Adults Intended

Do the policies clearly indicate whether or not the product is intended to be used by adults over the age of 18?

  • Statements
    • Unanswered: Did not evaluate whether intended for adults over 18.
    • Non-Transparent: Unclear whether intended for adults over 18.
    • Does: Intended for adults over 18.
    • Does Not: Not intended for adults over 18.

1.8.4: Parents Intended

Do the policies clearly indicate whether or not the product is intended to be used by parents or guardians?

  • Statements
    • Unanswered: Did not evaluate whether intended for parents or guardians.
    • Non-Transparent: Unclear whether intended for parents or guardians.
    • Does: Intended for parents or guardians.
    • Does Not: Not intended for parents or guardians.

1.8.5: Students Intended (BASIC)

Do the policies clearly indicate whether or not the product is intended to be used by students in preschool or K-12?

  • Statements
    • Unanswered: Did not evaluate whether intended for students.
    • Non-Transparent: Unclear whether intended for students.
    • Does: Intended for students.
    • Does Not: Not intended for students.

1.8.6: Teachers Intended

Do the policies clearly indicate whether or not the product is intended to be used by teachers?

  • Statements
    • Unanswered: Did not evaluate whether intended for teachers.
    • Non-Transparent: Unclear whether intended for teachers.
    • Does: Intended for teachers.
    • Does Not: Not intended for teachers.

2: Focused Collection

2.1: Data Collection

2.1.1: Collect PII (BASIC)

Do the policies clearly indicate whether or not the vendor collects personally identifiable information (PII)?

  • Statements
    • Unanswered: Did not evaluate whether the product collects personally identifiable information (PII).
    • Non-Transparent: Unclear whether the product collects personally identifiable information.
    • Does: Personally identifiable information (PII) is collected.
    • Does Not: Personally identifiable information (PII) is not collected.

2.1.2: PII Categories

Do the policies clearly indicate what categories of personally identifiable information are collected by the product?

  • Statements
    • Unanswered: Did not evaluate whether the categories of collected personally identifiable information are indicated.
    • Non-Transparent: Unclear if the categories of personally identifiable information collected are indicated.
    • Transparent: The categories of collected personally identifiable information are indicated.

2.1.3: Geolocation Data

Do the policies clearly indicate whether or not precise geolocation data are collected?

  • Statements
    • Unanswered: Did not evaluate whether this product collects geolocation data.
    • Non-Transparent: Unclear whether this product collects geolocation data.
    • Does: Geolocation data are collected.
    • Does Not: Geolocation data are not collected.

2.1.4: Health Data

Do the policies clearly indicate whether or not any health or biometric data are collected?

  • Statements
    • Unanswered: Did not evaluate whether this product collects biometric or health data.
    • Non-Transparent: Unclear whether this product collects biometric or health data.
    • Does: Biometric or health data are collected.
    • Does Not: Biometric or health data are not collected.

2.1.5: Behavioral Data

Do the policies clearly indicate whether or not any behavioral data are collected?

  • Statements
    • Unanswered: Did not evaluate whether this product collects behavioral data.
    • Non-Transparent: Unclear whether this product collects behavioral data.
    • Does: Behavioral data are collected.
    • Does Not: Behavioral data are not collected.

2.1.6: Sensitive Data

Do the policies clearly indicate whether or not sensitive personal information is collected?

  • Statements
    • Unanswered: Did not evaluate whether this product collects sensitive data.
    • Non-Transparent: Unclear whether this product collects sensitive data.
    • Does: Sensitive data are collected.
    • Does Not: Sensitive data are not collected.

2.1.7: Usage Data

Do the policies clearly indicate whether or not the product automatically collects any information?

  • Statements
    • Unanswered: Did not evaluate whether this product collects non-personally identifiable information.
    • Non-Transparent: Unclear whether this product collects non-personally identifiable information.
    • Does: Non-personally identifiable information is collected.
    • Does Not: Non-personally identifiable information is not collected.

2.1.8: Lunch Status

Do the policies clearly indicate whether or not the vendor collects information on free or reduced lunch status?

  • Statements
    • Unanswered: Did not evaluate whether free or reduced lunch status is collected.
    • Non-Transparent: Unclear whether free or reduced lunch status is collected.
    • Does: Free or reduced lunch status is collected.
    • Does Not: Free or reduced lunch status is not collected.

2.2: Data Source

2.2.1: Student Data

Do the policies clearly indicate whether or not the vendor collects personal information or education records from preK-12 students?

  • Statements
    • Unanswered: Did not evaluate whether personal information or education records are collected from preK-12 students.
    • Non-Transparent: Unclear whether personal information or education records are collected from preK-12 students.
    • Does: Personal information or education records are collected from preK-12 students.
    • Does Not: Personal information or education records are not collected from preK-12 students.

2.2.2: Child Data

Do the policies clearly indicate whether or not the vendor collects personal information online from children under 13 years of age?

  • Statements
    • Unanswered: Did not evaluate whether this product collects personal information online from children under 13 years of age.
    • Non-Transparent: Unclear whether this product collects personal information online from children under 13 years of age.
    • Does: Personal information from children under 13 years of age is collected online.
    • Does Not: Personal information from children under 13 years of age is not collected online.

2.3: Data Exclusion

2.3.1: Data Excluded

Do the policies clearly indicate whether or not the vendor excludes specific types of data from collection?

  • Statements
    • Unanswered: Did not evaluate whether specific types of personal information are not collected.
    • Non-Transparent: Unclear whether specific types of personal information are not collected.
    • Does: Specific types of personal information are not collected.
    • Does Not: Specific types of personal information that should be excluded are collected.

2.3.2: Coverage Excluded

Do the policies clearly indicate whether or not the vendor excludes specific types of collected data from coverage under its privacy policy?

  • Statements
    • Unanswered: Did not evaluate whether specific types of collected information are excluded from the privacy policy.
    • Non-Transparent: Unclear whether specific types of collected information are excluded from the privacy policy.
    • Does: Specific types of collected information are excluded from the privacy policy.
    • Does Not: Specific types of collected information are not excluded from the privacy policy.

2.4: Data Limitation

2.4.1: Collection Limitation (BASIC)

Do the policies clearly indicate whether or not the vendor limits the collection or use of information to only data that are specifically required for the product?

  • Statements
    • Unanswered: Did not evaluate whether the collection or use of data is limited to product requirements.
    • Non-Transparent: Unclear whether the collection or use of data is limited to product requirements.
    • Does: Collection or use of data is limited to product requirements.
    • Does Not: Collection or use of data is not limited to product requirements.

3: Data Sharing

3.1: Data Shared With Third Parties

3.1.1: Data Shared (BASIC)

Do the policies clearly indicate if collected information (this includes data collected via automated tracking or usage analytics) is shared with third parties?

  • Statements
    • Unanswered: Did not evaluate whether collected information is shared with third parties.
    • Non-Transparent: Unclear whether collected information is shared with third parties.
    • Transparent: Collected information is shared with third parties.

3.1.2: Data Categories (BASIC)

Do the policies clearly indicate what categories of information are shared with third parties?

  • Statements
    • Unanswered: Did not evaluate whether the categories of information are shared with third parties are indicated.
    • Non-Transparent: Unclear whether the categories of information shared with third parties are indicated.
    • Transparent: The categories of information shared with third parties are indicated.

3.2: Data Use by Third Parties

3.2.1: Sharing Purpose

Do the policies clearly indicate the vendor's intention or purpose for sharing a user's personal information with third parties?

  • Statements
    • Unanswered: Did not evaluate whether the purpose for sharing a user's personal information with third parties is indicated.
    • Non-Transparent: Unclear whether the purpose for sharing a user's personal information with third parties is indicated.
    • Transparent: The purpose for sharing a user's personal information with third parties is indicated.

3.2.2: Third-Party Analytics

Do the policies clearly indicate whether or not collected information is shared with third parties for analytics and tracking purposes?

  • Statements
    • Unanswered: Did not evaluate whether data are shared for analytics.
    • Non-Transparent: Unclear whether data are shared for analytics.
    • Does: Data are shared for analytics.
    • Does Not: Data are not shared for analytics.

3.2.3: Third-Party Research

Do the policies clearly indicate whether or not collected information is shared with third parties for research or product improvement purposes?

  • Statements
    • Unanswered: Did not evaluate whether data are shared for research and/or product improvement.
    • Non-Transparent: Unclear whether data are shared for research and/or product improvement.
    • Does: Data are shared for research and/or product improvement.
    • Does Not: Data are not shared for research and/or product improvement.

3.2.4: Third-Party Marketing (BASIC)

Do the policies clearly indicate whether or not personal information is shared with third parties for advertising or marketing purposes?

  • Statements
    • Unanswered: Did not evaluate whether data are shared for third-party advertising and/or marketing.
    • Non-Transparent: Unclear whether data are shared for third-party advertising and/or marketing.
    • Does: Data are shared for third-party advertising and/or marketing.
    • Does Not: Data are not shared for third-party advertising and/or marketing.

3.3: Data Not Shared With Third Parties

3.3.1: Exclude Sharing

Do the policies specify any categories of information that will not be shared with third parties?

  • Statements
    • Unanswered: Did not evaluate whether there are specific categories of information that are not shared with third parties.
    • Non-Transparent: Unclear whether there are specific categories of information that are not shared with third parties.
    • Transparent: Specific categories of information are not shared with third parties.

3.4: Data Sold to Third Parties

3.4.1: Sell Data (BASIC)

Do the policies clearly indicate whether or not a user's personal information is sold or rented to third parties?

  • Statements
    • Unanswered: Did not evaluate whether data are sold or rented to third parties.
    • Non-Transparent: Unclear whether data are sold or rented to third parties.
    • Does: Data are sold or rented to third parties.
    • Does Not: Data are not sold or rented to third parties.

3.5: Third-Party Data Acquisition

3.5.1: Data Acquired

Do the policies clearly indicate whether or not the vendor may acquire a user's information from a third party?

  • Statements
    • Unanswered: Did not evaluate whether personal information from users is acquired from third parties.
    • Non-Transparent: Unclear whether personal information from users is acquired from third parties.
    • Does: Personal information from users is acquired from third parties.
    • Does Not: Personal information from users is not acquired from third parties.

Do the policies clearly indicate whether or not outbound links on the site to third-party external websites are age-appropriate?

  • Statements
    • Unanswered: Did not evaluate whether third-party external websites are age-appropriate.
    • Non-Transparent: Unclear whether links to third-party external websites are age-appropriate.
    • Does: Links to third-party external websites are age-appropriate.
    • Does Not: Links to third-party external websites are not age-appropriate.

3.7: Third-Party Data Access

3.7.1: Authorized Access

Do the policies clearly indicate whether or not a third party is authorized to access a user's information?

  • Statements
    • Unanswered: Did not evaluate whether third parties are authorized to access a user's information.
    • Non-Transparent: Unclear whether third parties are authorized to access a user's information.
    • Does: Third parties are authorized to access a user's information.
    • Does Not: Third parties are not authorized to access a user's information.

3.8: Third-Party Data Collection

3.8.1: Third-Party Collection

Do the policies clearly indicate whether or not a user's personal information is collected by a third party?

  • Statements
    • Unanswered: Did not evaluate whether personal information of users is collected by a third party.
    • Non-Transparent: Unclear whether personal information of users is collected by a third party.
    • Does: Personal information of users is collected by a third party.
    • Does Not: Personal information of users is not collected by a third party.

3.9: Third-Party Data Misuse

3.9.1: Data Misuse

Do the policies clearly indicate whether or not a user's information can be deleted from a third party by the vendor, if found to be misused by the third party?

  • Statements
    • Unanswered: Did not evaluate whether personal information can be deleted from a third party if found to be misused.
    • Non-Transparent: Unclear whether personal information can be deleted from a third party if found to be misused.
    • Does: Personal information can be deleted from a third party if found to be misused.
    • Does Not: Personal information cannot be deleted from a third party if found to be misused.

3.10: Third-Party Service Providers

3.10.1: Third-Party Providers

Do the policies clearly indicate whether or not third-party services are used to support the internal operations of the vendor's product?

  • Statements
    • Unanswered: Did not evaluate whether data are shared with third-party service providers.
    • Non-Transparent: Unclear whether data are shared with third-party service providers.
    • Does: Data are shared with third-party service providers.
    • Does Not: Data are not shared with third-party service providers.

3.10.2: Third-Party Roles

Do the policies clearly indicate the role of third-party service providers?

  • Statements
    • Unanswered: Did not evaluate whether the roles of third-party service providers are indicated.
    • Non-Transparent: Unclear whether the roles of third-party service providers are indicated.
    • Transparent: The roles of third-party service providers are indicated.

3.11: Third-Party Affiliates

3.11.1: Third-Party Categories

Do the policies clearly indicate the categories of related third parties, such as subsidiaries or affiliates with whom the vendor shares data?

  • Statements
    • Unanswered: Did not evaluate whether the categories of third parties that receive personal information are indicated.
    • Non-Transparent: Unclear whether the categories of third parties that receive personal information are indicated.
    • Transparent: The categories of third parties that receive personal information are indicated.

3.12: Third-Party Policies

3.12.1: Third-Party Policy

Do the policies clearly indicate whether or not the vendor provides a link to a third-party service provider, data processor, partner, or affiliate's privacy policy?

  • Statements
    • Unanswered: Did not evaluate whether links to privacy policies of third-party companies are available.
    • Non-Transparent: Unclear whether links to privacy policies of third-party companies are available.
    • Does: Links to privacy policies of third-party companies are available.
    • Does Not: Links to privacy policies of third-party companies are not available.

3.13: Third-Party Data Combination

3.13.1: Vendor Combination

Do the policies clearly indicate whether or not data collected or maintained by the vendor can be augmented, extended, or combined with data from third-party sources?

  • Statements
    • Unanswered: Did not evaluate whether data can be combined with data from third-party sources.
    • Non-Transparent: Unclear whether data can be combined with data from third-party sources.
    • Does: Data can be combined with data from third-party sources.
    • Does Not: Data cannot be combined with data from third-party sources.

3.13.2: Third-Party Combination

Do the policies clearly indicate whether or not data shared with third parties can be augmented, extended, or combined with data from additional third-party sources?

  • Statements
    • Unanswered: Did not evaluate whether data shared with third parties can be combined by third parties for their own purposes.
    • Non-Transparent: Unclear whether data shared with third parties can be combined by third parties for their own purposes.
    • Does: Data shared with third parties can be combined by third parties for their own purposes.
    • Does Not: Data shared with third parties cannot be combined by third parties for their own purposes.

3.14: Third-Party Authentication

3.14.1: Social Login (BASIC)

Do the policies clearly indicate whether or not social or federated login is supported to use the product?

  • Statements
    • Unanswered: Did not evaluate whether this product supports social or federated login.
    • Non-Transparent: Unclear whether this product supports social or federated login.
    • Does: Social or federated login is supported.
    • Does Not: Social or federated login is not supported.

3.14.2: Social Collection

Do the policies clearly indicate whether or not the vendor collects information from social or federated login providers?

  • Statements
    • Unanswered: Did not evaluate whether personal information from social or federated login providers is collected.
    • Non-Transparent: Unclear whether personal information from social or federated login providers is collected.
    • Does: Personal information from social or federated login providers is collected.
    • Does Not: Personal information from social or federated login providers is not collected.

3.14.3: Social Sharing

Do the policies clearly indicate whether or not the vendor shares information with social or federated login providers?

  • Statements
    • Unanswered: Did not evaluate whether personal Information is shared with social or federated login providers.
    • Non-Transparent: Unclear whether personal Information is shared with social or federated login providers.
    • Does: Personal Information is shared with social or federated login providers.
    • Does Not: Personal Information is not shared with social or federated login providers.

3.15: De-identified or Anonymized Data

3.15.1: Data Deidentified

Do the policies clearly indicate whether or not a user's information that is shared or sold to a third-party is only done so in an anonymous or deidentified format?

  • Statements
    • Unanswered: Did not evaluate whether user information is shared in an anonymous or deidentified format.
    • Non-Transparent: Unclear whether user information is shared in an anonymous or deidentified format.
    • Does: User information is shared in an anonymous or deidentified format.
    • Does Not: User information is not shared in an anonymous or deidentified format.

3.15.2: Deidentified Process

Do the policies clearly indicate whether or not the deidentification process is done with a reasonable level of justified confidence, or whether the vendor provides links to any information that describes their deidentification process?

  • Statements
    • Unanswered: Did not evaluate whether the vendor describes their deidentification process of user information.
    • Non-Transparent: Unclear whether the vendor describes their deidentification process of user information.
    • Does: The vendor describes their deidentification process of user information.
    • Does Not: The vendor does not describes their deidentification process of user information.

3.16: Third-Party Contractual Obligations

3.16.1: Third-Party Limits (BASIC)

Do the policies clearly indicate whether or not the vendor imposes contractual limits on how third parties can use personal information that the vendor shares or sells to them?

  • Statements
    • Unanswered: Did not evaluate whether contractual limits are placed on third-party data use.
    • Non-Transparent: Unclear whether contractual limits are placed on third-party data use.
    • Does: Contractual limits are placed on third-party data use.
    • Does Not: Contractual limits are not placed on third-party data use.

3.16.2: Combination Limits

Do the policies clearly indicate whether or not the vendor imposes contractual limits that prohibit third parties from reidentifying or combining data with other data sources that the vendor shares or sells to them?

  • Statements
    • Unanswered: Did not evaluate whether contractual limits prohibit third parties from reidentifying deidentified information.
    • Non-Transparent: Unclear whether contractual limits prohibit third parties from reidentifying deidentified information.
    • Does: Contractual limits prohibit third parties from reidentifying deidentified information.
    • Does Not: Contractual limits do not prohibit third parties from reidentifying deidentified information.

4: Respect for Context

4.1: Data Use

4.1.1: Purpose Limitation

Do the policies clearly indicate whether or not the vendor limits the use of data collected by the product to the educational purpose for which it was collected?

  • Statements
    • Unanswered: Did not evaluate whether use of information is limited to the purpose for which it was collected.
    • Non-Transparent: Unclear whether use of information is limited to the purpose for which it was collected.
    • Does: Use of information is limited to the purpose for which it was collected.
    • Does Not: Use of information is not limited to the purpose for which it was collected.

4.1.2: Data Purpose

Do the policies clearly indicate the context or purpose for which data are collected?

  • Statements
    • Unanswered: Did not evaluate whether the purpose for which data are collected is indicated.
    • Non-Transparent: Unclear whether the purpose for which data are collected is indicated.
    • Transparent: The purpose for which data atr collected is indicated.

4.2: Data Combination

4.2.1: Combination Type

Do the policies clearly indicate whether or not the vendor would treat personally identifiable information (PII) combined with non-personally identifiable information as PII?

  • Statements
    • Unanswered: Did not evaluate whether this product treats combined information as personally identifiable information (PII).
    • Non-Transparent: Unclear whether this product treats combined information as personally identifiable information (PII).
    • Does: Combined information is treated as personally identifiable information (PII).
    • Does Not: Combined information is not treated as personally identifiable information (PII).

4.3: Data Notice

4.3.1: Context Notice

Do the policies clearly indicate whether or not notice is provided to a user if the vendor changes the context in which data are collected?

  • Statements
    • Unanswered: Did not evaluate whether notice is provided if the context in which data are collected change.
    • Non-Transparent: Unclear whether notice is provided if the context in which data are collected changes.
    • Does: Notice is provided if the context in which data are collected changes.
    • Does Not: Notice is not provided if the context in which data are collected changes.

4.4: Data Changes

Do the policies clearly indicate whether or not the vendor will obtain consent if the practices in which data are collected change or are inconsistent with contractual requirements?

  • Statements
    • Unanswered: Did not evaluate whether consent is obtained if the practices in which data are collected change.
    • Non-Transparent: Unclear whether consent is obtained if the practices in which data are collected change.
    • Does: Consent is obtained if the practices in which data are collected change.
    • Does Not: Consent is not obtained if the practices in which data are collected change.

4.5: Policy Enforcement

4.5.1: Community Guidelines

Do the policies clearly indicate whether or not the vendor may terminate a user's account if they engage in any prohibited activities?

  • Statements
    • Unanswered: Did not evaluate whether accounts may be terminated if users engage in any prohibited activities.
    • Non-Transparent: Unclear whether accounts may be terminated if users engage in any prohibited activities.
    • Does: Accounts may be terminated if users engage in any prohibited activities.
    • Does Not: Accounts may not be terminated if users engage in any prohibited activities.

5: Individual Control

5.1: User Content

5.1.1: User Submission (BASIC)

Do the policies clearly indicate whether or not a user can create or upload content to the product?

  • Statements
    • Unanswered: Did not evaluate whether users can create or upload content.
    • Non-Transparent: Unclear whether users can create or upload content.
    • Does: Users can create or upload content.
    • Does Not: Users cannot create or upload content.

Do the policies clearly indicate whether or not the vendor requests opt-in consent from a user at the time information is collected?

  • Statements
    • Unanswered: Did not evaluate whether opt-in consent is requested from users at the time personal information is collected.
    • Non-Transparent: Unclear whether opt-in consent is requested from users at the time personal information is collected.
    • Does: Opt-in consent is requested from users at the time personal information is collected.
    • Does Not: Opt-in consent is not requested from users at the time personal information is collected.

5.3: Remedy Process

5.3.1: Complaint Notice

Do the policies clearly indicate whether or not the vendor has a grievance or remedy mechanism for users to file a complaint after the vendor restricts or removes a user's content or account?

  • Statements
    • Unanswered: Did not evaluate whether a grievance or remedy mechanism is available for users to file a complaint.
    • Non-Transparent: Unclear whether a grievance or remedy mechanism is available for users to file a complaint.
    • Does: A grievance or remedy mechanism is available for users to file a complaint.
    • Does Not: A grievance or remedy mechanism is not available for users to file a complaint.

5.4: Data Settings

5.4.1: User Control

Do the policies clearly indicate whether or not a user can control the vendor or third party's use of their information through privacy settings?

  • Statements
    • Unanswered: Did not evaluate whether users can control their information through privacy settings.
    • Non-Transparent: Unclear whether users can control their information through privacy settings.
    • Does: Users can control their information through privacy settings.
    • Does Not: Users cannot control their information through privacy settings.

5.5: Data Disclosure

Do the policies clearly indicate whether or not a user can opt out from the disclosure or sale of their data to a third party?

  • Statements
    • Unanswered: Did not evaluate whether users can opt out from the disclosure or sale of their data to a third party.
    • Non-Transparent: Unclear whether users can opt out from the disclosure or sale of their data to a third party.
    • Does: Users can opt out from the disclosure or sale of their data to a third party.
    • Does Not: Users cannot opt out from the disclosure or sale of their data to a third party.

5.5.2: Disclosure Request

Do the policies clearly indicate whether or not a user can request the vendor to provide all the personal information the vendor has shared with third parties?

  • Statements
    • Unanswered: Did not evaluate whether users can request to know what personal information has been shared with third parties for commercial purposes.
    • Non-Transparent: Unclear whether users can request to know what personal information has been shared with third parties for commercial purposes.
    • Does: Users can request to know what personal information has been shared with third parties for commercial purposes.
    • Does Not: Users can not request to know what personal information has been shared with third parties for commercial purposes.

5.5.3: Disclosure Notice

Do the policies clearly indicate whether or not the vendor will provide the affected user, school, parent, or student with notice in the event the vendor receives a government or legal request for their information?

  • Statements
    • Unanswered: Did not evaluate whether notice is provided in the event the vendor receives a government or legal request for a user’s information.
    • Non-Transparent: Unclear whether notice is provided in the event the vendor receives a government or legal request for a user’s information.
    • Does: Notice is provided in the event the vendor receives a government or legal request for a user’s information.
    • Does Not: Notice is not provided in the event the vendor receives a government or legal request for a user’s information.

5.6: Intellectual Property

5.6.1: Data Ownership

Do the policies clearly indicate whether or not a student, educator, parent, or the school retains ownership to the Intellectual Property rights of the data collected or uploaded to the product?

  • Statements
    • Unanswered: Did not evaluate whether users retain ownership of their data.
    • Non-Transparent: Unclear whether users retain ownership of their data.
    • Does: Users retain ownership of their data.
    • Does Not: Users do not retain ownership of their data.

Do the policies clearly indicate whether or not the vendor may claim a copyright license to the data or content collected from a user?

  • Statements
    • Unanswered: Did not evaluate whether a copyright license is claimed to data or content collected from a user.
    • Non-Transparent: Unclear whether a copyright license is claimed to data or content collected from a user.
    • Does: A copyright license is claimed to data or content collected from a user.
    • Does Not: A copyright license is not claimed to data or content collected from a user.

Do the policies clearly indicate whether or not the vendor limits its copyright license of a user's data?

  • Statements
    • Unanswered: Did not evaluate whether any copyright license to a user's data is limited in scope or duration.
    • Non-Transparent: Unclear whether any copyright license to a user's data is limited in scope or duration.
    • Does: Any copyright license to a user's data is limited in scope or duration.
    • Does Not: Any copyright license to a user's data is not limited in scope or duration.

Do the policies clearly indicate whether or not the vendor provides notice to a user when their content is removed or disabled because of alleged infringement or other Intellectual Property violations?

  • Statements
    • Unanswered: Did not evaluate whether notice is provided to users when their content is removed or disabled because of an alleged copyright violation.
    • Non-Transparent: Unclear whether notice is provided to users when their content is removed or disabled because of an alleged copyright violation.
    • Does: Notice is provided to users when their content is removed or disabled because of an alleged copyright violation.
    • Does Not: Notice is not provided to users when their content is removed or disabled because of an alleged copyright violation.

6: Access and Accuracy

6.1: Data Access

6.1.1: Access Data (BASIC)

Do the policies clearly indicate whether or not the vendor provides authorized individuals a method to access a user's personal information?

  • Statements
    • Unanswered: Did not evaluate whether this product provides processes to access and review user data.
    • Non-Transparent: Unclear whether this product provides processes to access and review user data.
    • Does: Processes to access and review user data are available.
    • Does Not: Processes to access and review user data are not available.

6.1.2: Restrict Access

Do the policies clearly indicate whether or not the vendor provides mechanisms (permissions, roles, or access controls, etc.) to restrict what data are accessible to specific users?

  • Statements
    • Unanswered: Did not evaluate whether permissions, roles, or access controls are available to restrict who has access to data.
    • Non-Transparent: Unclear whether permissions, roles, or access controls are available to restrict who has access to data.
    • Does: Permissions, roles, or access controls are available to restrict who has access to data.
    • Does Not: Permissions, roles, or access controls are not available to restrict who has access to data.

6.1.3: Review Data

Do the policies clearly indicate whether or not the vendor provides a process available for the school, parents, or eligible students to review student information?

  • Statements
    • Unanswered: Did not evaluate whether the school, parents, or students can review data.
    • Non-Transparent: Unclear whether the school, parents, or students can review data.
    • Does: Processes to review data are available for the school, parents, or students.
    • Does Not: Processes to review data are not available for the school, parents, or students.

6.2: Data Integrity

6.2.1: Maintain Accuracy

Do the policies clearly indicate whether or not the vendor takes steps to maintain the accuracy of data they collect and store?

  • Statements
    • Unanswered: Did not evaluate whether the vendor maintains the accuracy of data they collect.
    • Non-Transparent: Unclear whether the vendor maintains the accuracy of data they collect.
    • Does: The vendor does maintain the accuracy of data they collect.
    • Does Not: The vendor does not maintain the accuracy of data they collect.

6.3: Data Correction

6.3.1: Data Modification (BASIC)

Do the policies clearly indicate whether or not the vendor provides authorized individuals with the ability to modify a user's inaccurate data?

  • Statements
    • Unanswered: Did not evaluate whether this product provides processes to modify inaccurate data.
    • Non-Transparent: Unclear whether this product provides processes to modify inaccurate data.
    • Does: Processes to modify inaccurate data are available.
    • Does Not: Processes to modify inaccurate data are not available.

6.3.2: Modification Process

Do the policies clearly indicate whether or not the vendor provides a process for the schools, parents, or eligible students to modify inaccurate student information?

  • Statements
    • Unanswered: Did not evaluate whether the school, parents, or students can modify data.
    • Non-Transparent: Unclear whether the school, parents, or students can modify data.
    • Does: Processes for the school, parents, or students to modify data are available.
    • Does Not: Processes for the school, parents, or students to modify data are not available.

6.3.3: Modification Notice

Do the policies clearly indicate how long the vendor has to modify a user's inaccurate data after given notice?

  • Statements
    • Unanswered: Did not evaluate whether the time period for the vendor to modify inaccurate data is indicated.
    • Non-Transparent: Unclear whether the time period for the vendor to modify inaccurate data is indicated.
    • Transparent: The time period for the vendor to modify inaccurate data is indicated.

6.4: Data Retention

6.4.1: Retention Policy

Do the policies clearly indicate the vendor's data retention policy, including any data sunsets or any time-period after which a user's data will be automatically deleted if they are inactive on the product?

  • Statements
    • Unanswered: Did not evaluate whether the product provides a data-retention policy.
    • Non-Transparent: Unclear whether the product provides a data-retention policy.
    • Transparent: A data-retention policy is available.

6.4.2: Retention Limits

Do the policies clearly indicate whether or not the vendor will limit the retention of a user's data unless a valid request to inspect data is made?

  • Statements
    • Unanswered: Did not evaluate whether the retention time period of a user's data can be changed upon a valid inspection request.
    • Non-Transparent: Unclear whether the retention time period of a user's data can be changed upon a valid inspection request.
    • Does: The retention time period of a user's data can be changed upon a valid inspection request.
    • Does Not: The retention time period of a user's data can not be changed upon a valid inspection request.

6.5: Data Deletion

6.5.1: Deletion Purpose

Do the policies clearly indicate whether or not the vendor will delete a user's personal information when the data are no longer necessary to fulfill its intended purpose?

  • Statements
    • Unanswered: Did not evaluate whether this product deletes data when no longer necessary.
    • Non-Transparent: Unclear whether this product deletes data when no longer necessary.
    • Does: Data are deleted when no longer necessary.
    • Does Not: Data are not deleted when no longer necessary.

6.5.2: Account Deletion

Do the policies clearly indicate whether or not a user's data are deleted upon account cancellation or termination?

  • Statements
    • Unanswered: Did not evaluate whether a user's data are deleted upon account cancellation or termination.
    • Non-Transparent: Unclear whether a user's data are deleted upon account cancellation or termination.
    • Does: A user's data are deleted upon account cancellation or termination.
    • Does Not: A user's data are not deleted upon account cancellation or termination.

6.5.3: User Deletion

Do the policies clearly indicate whether or not a user can delete all of their personal and non-personal information from the vendor?

  • Statements
    • Unanswered: Did not evaluate whether a user can delete all their data.
    • Non-Transparent: Unclear whether a user can delete all their data.
    • Does: Processes to delete user data are available.
    • Does Not: Processes to delete user data are not available.

6.5.4: Deletion Process (BASIC)

Do the policies clearly indicate whether or not the vendor provides a process for the school, parent, or eligible student to delete a student's personal information?

  • Statements
    • Unanswered: Did not evaluate whether the school, parents, or students can delete data.
    • Non-Transparent: Unclear whether the school, parents, or students can delete data.
    • Does: Processes for the school, parents, or students to delete data are available.
    • Does Not: Processes for the school, parents, or students to delete data are not available.

6.5.5: Deletion Notice

Do the policies clearly indicate how long the vendor may take to delete a user's data after given notice?

  • Statements
    • Unanswered: Did not evaluate whether the time period for the vendor to delete data is indicated.
    • Non-Transparent: Unclear whether the time period for the vendor to delete data is indicated.
    • Transparent: The time period for the vendor to delete data is indicated.

6.6: Data Portability

6.6.1: User Export

Do the policies clearly indicate whether or not a user can export or download their data, including any user created content on the product?

  • Statements
    • Unanswered: Did not evaluate whether this product provides users the ability to download their data.
    • Non-Transparent: Unclear whether this product provides users the ability to download their data.
    • Does: Processes to download user data are available.
    • Does Not: Processes to download user data are not available.

6.6.2: Legacy Contact

Do the policies clearly indicate whether or not a user may assign an authorized account manager or legacy contact to access and download their data?

  • Statements
    • Unanswered: Did not evaluate whether a user can assign an authorized account manager or legacy contact.
    • Non-Transparent: Unclear whether a user can assign an authorized account manager or legacy contact.
    • Does: A user can assign an authorized account manager or legacy contact.
    • Does Not: A user can not assign an authorized account manager or legacy contact.

7: Data Transfer

7.1: Data Handling

7.1.1: Transfer Data (BASIC)

Do the policies clearly indicate whether or not the vendor can transfer a user's data in the event of the vendor's merger, acquisition, or bankruptcy?

  • Statements
    • Unanswered: Did not evaluate whether user information can be transferred to a third party.
    • Non-Transparent: Unclear whether user information can be transferred to a third party.
    • Does: User information can be transferred to a third party.
    • Does Not: User information cannot be transferred to a third party.

7.1.2: Data Assignment

Do the policies clearly indicate whether or not the vendor can assign its rights or delegate its duties under the policies to a successor vendor without notice or consent to the user?

  • Statements
    • Unanswered: Did not evaluate whether notice is provided to users if the vendor assigns its rights or delegates its duties to another company.
    • Non-Transparent: Unclear whether notice is provided to users if the vendor assigns its rights or delegates its duties to another company.
    • Does: Notice is provided to users if the vendor assigns its rights or delegates its duties to another company.
    • Does Not: Notice is not provided to users if the vendor assigns its rights or delegates its duties to another company.

7.1.3: Transfer Notice

Do the policies clearly indicate whether or not the vendor will notify users of a data transfer to a third-party successor, in the event of a vendor's bankruptcy, merger, or acquisition?

  • Statements
    • Unanswered: Did not evaluate whether users are notified if their information is transferred to a third party.
    • Non-Transparent: Unclear whether users are notified if their information is transferred to a third party.
    • Does: Users are notified if their information is transferred to a third party.
    • Does Not: Users are not notified if their information is transferred to a third party.

7.2: Transfer Request

7.2.1: Delete Transfer

Do the policies clearly indicate whether or not a user can request to delete their data prior to its transfer to a third-party successor in the event of a vendor bankruptcy, merger, or acquisition?

  • Statements
    • Unanswered: Did not evaluate whether user information can be deleted prior to its transfer to a third party.
    • Non-Transparent: Unclear whether user information can be deleted prior to its transfer to a third party.
    • Does: User information can be deleted prior to its transfer to a third party.
    • Does Not: User information can not be deleted prior to its transfer to a third party.

7.3: Onward Contractual Obligations

7.3.1: Contractual Limits

Do the policies clearly indicate whether or not the third-party successor of a data transfer is contractually required to provide the same privacy compliance required of the vendor?

  • Statements
    • Unanswered: Did not evaluate whether third-party transfers are contractually required to use the same privacy practices.
    • Non-Transparent: Unclear whether third-party transfers are contractually required to use the same privacy practices.
    • Does: Third-party transfer is contractually required to use the same privacy practices.
    • Does Not: Third-party transfer is not contractually required to use the same privacy practices.

8: Security

8.1: User Identity

8.1.1: Verify Identity

Do the policies clearly indicate whether or not the vendor or vendor-authorized third party verifies a user's identity with personal information?

  • Statements
    • Unanswered: Did not evaluate whether a user's identity is verified with additional personal information.
    • Non-Transparent: Unclear whether a user's identity is verified with additional personal information.
    • Does: A user's identity is verified with additional personal information.
    • Does Not: A user's identity is not verified with additional personal information.

8.2: User Account

8.2.1: Account Required (BASIC)

Do the policies indicate whether or not the vendor requires a user to create an account with a username and password in order to use the product?

  • Statements
    • Unanswered: Did not evaluate whether this product requires account creation.
    • Non-Transparent: Unclear whether this product requires account creation.
    • Does: Account creation is required.
    • Does Not: Account creation is not required.

8.2.2: Managed Account (BASIC)

Do the policies clearly indicate whether or not the vendor provides user managed accounts for a parent, teacher, school or district?

  • Statements
    • Unanswered: Did not evaluate whether parental controls or managed accounts are available.
    • Non-Transparent: Unclear whether parental controls or managed accounts are available.
    • Does: Parental controls or managed accounts are available.
    • Does Not: Parental controls or managed accounts are not available.

8.2.3: Two-Factor Protection

Do the policies clearly indicate whether or not the security of a user's account is protected by two-factor authentication?

  • Statements
    • Unanswered: Did not evaluate whether two-factor account protection is available.
    • Non-Transparent: Unclear whether two-factor account protection is available.
    • Does: Two-factor account protection is available.
    • Does Not: Two-factor account protection is not available.

8.3: Third-Party Security

8.3.1: Security Agreement

Do the policies clearly indicate whether or not a third party with access to a user's information is contractually required to provide the same level of security protections as the vendor?

  • Statements
    • Unanswered: Did not evaluate whether third-party contractual security protections are required.
    • Non-Transparent: Unclear whether third-party contractual security protections are required.
    • Does: Third-party contractual security protections are required.
    • Does Not: Third-party contractual security protections are not required.

8.4: Data Confidentiality

8.4.1: Reasonable Security (BASIC)

Do the policies clearly indicate whether or not reasonable security standards are used to protect the confidentiality of a user's personal information?

  • Statements
    • Unanswered: Did not evaluate whether this product uses industry best practices to protect data.
    • Non-Transparent: Unclear whether this product uses industry best practices to protect data.
    • Does: Industry best practices are used to protect data.
    • Does Not: Industry best practices are not used to protect data.

8.4.2: Employee Access

Do the policies clearly indicate whether or not the vendor implements physical access controls or limits employee access to user information?

  • Statements
    • Unanswered: Did not evaluate whether this product limits employee or physical access to user information.
    • Non-Transparent: Unclear whether this product limits employee or physical access to user information.
    • Does: Employee or physical access to user information is limited.
    • Does Not: Employee or physical access to user information is not limited.

8.5: Data Transmission

8.5.1: Transit Encryption (BASIC)

Do the policies clearly indicate whether or not all data in transit is encrypted?

  • Statements
    • Unanswered: Did not evaluate whether this product encrypts all data in transit.
    • Non-Transparent: Unclear whether this product encrypts all data in transit.
    • Does: All data in transit are encrypted.
    • Does Not: All data in transit are not encrypted.

8.6: Data Storage

8.6.1: Storage Encryption (BASIC)

Do the policies clearly indicate whether or not all data at rest is encrypted?

  • Statements
    • Unanswered: Did not evaluate whether this product encrypts all data at rest.
    • Non-Transparent: Unclear whether this product encrypts all data at rest.
    • Does: All data at rest are encrypted.
    • Does Not: All data at rest are not encrypted.

8.6.2: Data Control

Do the policies clearly indicate whether or not personal information is stored outside the control of the vendor?

  • Statements
    • Unanswered: Did not evaluate whether personal information of users is stored with a third party.
    • Non-Transparent: Unclear whether personal information of users is stored with a third party.
    • Does: Personal information of users is stored with a third party.
    • Does Not: Personal information of users is not stored with a third party.

8.7: Data Breach

8.7.1: Breach Notice (BASIC)

Do the policies clearly indicate whether or not the vendor provides notice in the event of a data breach to affected individuals?

  • Statements
    • Unanswered: Did not evaluate whether this product provides notice in the event of a data breach.
    • Non-Transparent: Unclear whether this product provides notice in the event of a data breach.
    • Does: Notice is provided in the event of a data breach.
    • Does Not: Notice is not provided in the event of a data breach.

8.8: Data Oversight

8.8.1: Security Audit

Do the policies clearly indicate whether or not the data privacy or security practices of the vendor are internally or externally audited to ensure compliance?

  • Statements
    • Unanswered: Did not evaluate whether this product performs data-privacy and security-compliance audits.
    • Non-Transparent: Unclear whether this product performs data-privacy and security-compliance audits.
    • Does: Data-privacy and security-compliance audits are performed.
    • Does Not: Data-privacy and security-compliance audits are not performed.

9: Responsible Use

9.1: Social Interactions

9.1.1: Safe Interactions (BASIC)

Do the policies clearly indicate whether or not a user can interact with trusted users?

  • Statements
    • Unanswered: Did not evaluate whether this product supports interactions between trusted users and/or students.
    • Non-Transparent: Unclear whether this product supports interactions between trusted users and/or students.
    • Does: Users can interact with trusted users and/or students.
    • Does Not: Users cannot interact with trusted users and/or students.

9.1.2: Unsafe Interactions

Do the policies clearly indicate whether or not a user can interact with untrusted users?

  • Statements
    • Unanswered: Did not evaluate whether users can interact with untrusted users, including strangers and/or adults.
    • Non-Transparent: Unclear whether users can interact with untrusted users, including strangers and/or adults.
    • Does: Users can interact with untrusted users, including strangers and/or adults.
    • Does Not: Users cannot interact with untrusted users, including strangers and/or adults.

9.1.3: Share Profile

Do the policies clearly indicate whether or not information must be shared or revealed by a user in order to participate in social interactions?

  • Statements
    • Unanswered: Did not evaluate whether profile information is shared for social interactions.
    • Non-Transparent: Unclear whether profile information is shared for social interactions.
    • Does: Profile information is shared for social interactions.
    • Does Not: Profile information is not shared for social interactions.

9.2: Data Visibility

9.2.1: Visible Data (BASIC)

Do the policies clearly indicate whether or not a user's personal information can be displayed publicly in any way?

  • Statements
    • Unanswered: Did not evaluate whether this product displays personal information publicly.
    • Non-Transparent: Unclear whether this product displays personal information publicly.
    • Does: Personal information is displayed publicly.
    • Does Not: Personal information is not displayed publicly.

9.2.2: Control Visibility

Do the policies clearly indicate whether or not a user has control over how their personal information is displayed to others?

  • Statements
    • Unanswered: Did not evaluate whether this product allows users to control how their data are displayed.
    • Non-Transparent: Unclear whether this product allows users to control how their data are displayed.
    • Does: Users can control how their data are displayed.
    • Does Not: Users cannot control how their data are displayed.

9.3: Monitor and Review

9.3.1: Monitor Content

Do the policies clearly indicate whether or not the vendor reviews, screens, or monitors user-created content?

  • Statements
    • Unanswered: Did not evaluate whether user-created content is reviewed, screened, or monitored by the vendor.
    • Non-Transparent: Unclear whether user-created content is reviewed, screened, or monitored by the vendor.
    • Does: User-created content is reviewed, screened, or monitored by the vendor.
    • Does Not: User-created content is not reviewed, screened, or monitored by the vendor.

9.3.2: Filter Content (BASIC)

Do the policies clearly indicate whether or not the vendor takes reasonable measures to delete all personal information from a user's postings before they are made publicly visible?

  • Statements
    • Unanswered: Did not evaluate whether user-created content is filtered for personal information before being made publicly visible.
    • Non-Transparent: Unclear whether user-created content is filtered for personal information before being made publicly visible.
    • Does: User-created content is filtered for personal information before being made publicly visible.
    • Does Not: User-created content is not filtered for personal information before being made publicly visible.

9.3.3: Moderating Interactions (BASIC)

Do the policies clearly indicate whether or not social interactions between users of the product are moderated?

  • Statements
    • Unanswered: Did not evaluate whether social interactions between users are moderated.
    • Non-Transparent: Unclear whether social interactions between users are moderated.
    • Does: Social interactions between users are moderated.
    • Does Not: Social interactions between users are not moderated.

9.3.4: Log Interactions

Do the policies clearly indicate whether or not social interactions are logged by the vendor and are available for review or audit?

  • Statements
    • Unanswered: Did not evaluate whether social interactions of users are logged.
    • Non-Transparent: Unclear whether social interactions of users are logged.
    • Does: Social interactions of users are logged.
    • Does Not: Social interactions of users are not logged.

9.4: Report Content

9.4.1: Block Content

Do the policies clearly indicate whether or not an educator, parent, or a school has the ability to filter or block inappropriate content or social interactions?

  • Statements
    • Unanswered: Did not evaluate whether users can filter or block inappropriate content.
    • Non-Transparent: Unclear whether users can filter or block inappropriate content.
    • Does: Users can filter or block inappropriate content.
    • Does Not: Users cannot filter or block inappropriate content.

9.4.2: Report Abuse

Do the policies clearly indicate whether or not a user can report abusive behavior, or cyberbullying?

  • Statements
    • Unanswered: Did not evaluate whether users can report abuse or cyberbullying.
    • Non-Transparent: Unclear whether users can report abuse or cyberbullying.
    • Does: Users can report abuse or cyberbullying.
    • Does Not: Users cannot report abuse or cyberbullying.

9.5: Internet Safety

9.5.1: Safe Tools

Do the policies clearly indicate whether or not the vendor provides tools and processes that support safe and appropriate social interactions on the product?

  • Statements
    • Unanswered: Did not evaluate whether the vendor provides links to tools or processes that support safe and appropriate social interactions.
    • Non-Transparent: Unclear whether the vendor provides links to tools or processes that support safe and appropriate social interactions.
    • Does: The vendor provides links to tools or processes that support safe and appropriate social interactions.
    • Does Not: The vendor does not provide links to tools or processes that support safe and appropriate social interactions.

10: Advertising

10.1: Vendor Communications

10.1.1: Service Messages

Do the policies clearly indicate whether or not a user will receive service- or administrative-related email or text message communications from the vendor or a third party?

  • Statements
    • Unanswered: Did not evaluate whether a user can receive service- or administrative-related communications from the vendor.
    • Non-Transparent: Unclear whether a user can receive service- or administrative-related communications from the vendor.
    • Does: A user can receive service- or administrative-related communications from the vendor.
    • Does Not: A user cannot receive service- or administrative-related communications from the vendor.

10.2: Traditional Advertising

10.2.1: Traditional Ads (BASIC)

Do the policies clearly indicate whether or not traditional advertisements are displayed to a user based on a webpage's content, and not that user's data?

  • Statements
    • Unanswered: Did not evaluate whether this product displays traditional or contextual advertisements.
    • Non-Transparent: Unclear whether this product displays traditional or contextual advertisements.
    • Does: Traditional or contextual advertisements are displayed.
    • Does Not: Traditional or contextual advertisements are not displayed.

10.3: Behavioral Advertising

10.3.1: Behavioral Ads (BASIC)

Do the policies clearly indicate whether or not behavioral advertising based on a user's personal information are displayed?

  • Statements
    • Unanswered: Did not evaluate whether this product displays behavioral or targeted advertising.
    • Non-Transparent: Unclear whether this product displays behavioral or targeted advertising.
    • Does: Behavioral or targeted advertising is displayed.
    • Does Not: Behavioral or targeted advertising is not displayed.

10.4: Ad Tracking

10.4.1: Third-Party Tracking (BASIC)

Do the policies clearly indicate whether or not third-party advertising services or tracking technologies collect any information from a user of the product?

  • Statements
    • Unanswered: Did not evaluate whether this product allows data collection by third-party advertising or tracking services.
    • Non-Transparent: Unclear whether this product allows data collection by third-party advertising or tracking services.
    • Does: Data are collected by third-party advertising or tracking services.
    • Does Not: Data are not collected by third-party advertising or tracking services.

10.4.2: Track Users (BASIC)

Do the policies clearly indicate whether or not a user's information is used to track users and display target advertisements on other third-party websites or services?

  • Statements
    • Unanswered: Did not evaluate whether this product uses data to track and target advertisements on other third-party websites or services.
    • Non-Transparent: Unclear whether this product uses data to track and target advertisements on other third-party websites or services.
    • Does: Data are used to track and target advertisements on other third-party websites or services.
    • Does Not: Data are not used to track and target advertisements on other third-party websites or services.

10.4.3: Data Profile (BASIC)

Do the policies clearly indicate whether or not the vendor allows third parties to use a student's data to create an automated profile, engage in data enhancement, conduct social advertising, or target advertising to students, parents, teachers, or the school?

  • Statements
    • Unanswered: Did not evaluate whether this product creates and uses data profiles for data enhancement, and/or targeted advertisements.
    • Non-Transparent: Unclear whether this product creates and uses data profiles for data enhancement, and/or targeted advertisements.
    • Does: Data profiles are created and used for data enhancement, and/or targeted advertisements.
    • Does Not: Data profiles are not created and used for data enhancement, and/or targeted advertisements.

10.5: Filtered Advertising

10.5.1: Filter Ads

Do the policies clearly indicate whether or not the vendor or third party filters inappropriate advertisements (e.g., alcohol, gambling, violence, or sexual content)?

  • Statements
    • Unanswered: Did not evaluate whether children may receive inappropriate advertisements.
    • Non-Transparent: Unclear whether children may receive inappropriate advertisements.
    • Does: Children do not receive any inappropriate advertisements.
    • Does Not: Children may receive inappropriate advertisements.

10.6: Marketing Communications

10.6.1: Marketing Messages

Do the policies clearly indicate whether or not the vendor may send marketing emails, text messages, or other related communications that may be of interest to a user?

  • Statements
    • Unanswered: Did not evaluate whether this vendor can send marketing messages.
    • Non-Transparent: Unclear whether this vendor can send marketing messages.
    • Does: The vendor can send marketing messages.
    • Does Not: The vendor cannot send marketing messages.

10.6.2: Third-Party Promotions

Do the policies clearly indicate whether or not the vendor may ask a user to participate in any sweepstakes, contests, surveys, or other similar promotions?

  • Statements
    • Unanswered: Did not evaluate whether this vendor provides promotional sweepstakes, contests, or surveys.
    • Non-Transparent: Unclear whether this vendor provides promotional sweepstakes, contests, or surveys.
    • Does: The vendor does provide promotional sweepstakes, contests, or surveys.
    • Does Not: The vendor does not provide promotional sweepstakes, contests, or surveys.

10.7: Unsubscribe

10.7.1: Unsubscribe Ads

Do the policies clearly indicate whether or not a user can opt out of traditional, contextual, or behavioral advertising?

  • Statements
    • Unanswered: Did not evaluate whether this product provides users the ability to opt-out of traditional, contextual, or behavioral advertising.
    • Non-Transparent: Unclear whether this product provides users the ability to opt-out of traditional, contextual, or behavioral advertising.
    • Does: Users can opt out of traditional, contextual, or behavioral advertising.
    • Does Not: Users cannot opt out of traditional, contextual, or behavioral advertising.

10.7.2: Unsubscribe Marketing

Do the policies clearly indicate whether or not a user can opt out or unsubscribe from a vendor or third party marketing communication?

  • Statements
    • Unanswered: Did not evaluate whether this product provides users the ability to opt out or unsubscribe from marketing communications.
    • Non-Transparent: Unclear whether this product provides users the ability to opt out or unsubscribe from marketing communications.
    • Does: Users can opt out or unsubscribe from marketing communications.
    • Does Not: Users cannot opt out or unsubscribe from marketing communications.

10.8: Do Not Track

10.8.1: DoNotTrack Response

Do the policies clearly indicate whether or not the vendor responds to a "Do Not Track" signal or other opt-out mechanisms from a user?

  • Statements
    • Unanswered: Did not evaluate whether this product responds to Do Not Track or other opt-out mechanisms.
    • Non-Transparent: Unclear whether this product responds to Do Not Track or other opt-out mechanisms.
    • Does: Vendor does respond to Do Not Track or other opt-out mechanisms.
    • Does Not: Vendor does not respond to Do Not Track or other opt-out mechanisms.

10.8.2: DoNotTrack Description

Do the policies clearly indicate whether the vendor provides a link to a description and the effects of any program or protocol the vendor follows that offers consumers a choice not to be tracked?

  • Statements
    • Unanswered: Did not evaluate whether the vendor provides a method for users to opt-out from third-party tracking.
    • Non-Transparent: Unclear whether the vendor provides a method for users to opt-out from third-party tracking.
    • Transparent: The vendor does provide a method for users to opt-out from third-party tracking.

11: Compliance

11.1: Children Under 13

11.1.1: Actual Knowledge

Do the policies clearly indicate whether or not the vendor has actual knowledge that personal information from children under 13 years of age is collected by the product?

  • Statements
    • Unanswered: Did not evaluate whether vendor has actual knowledge that personal information from users under 13 years of age is collected.
    • Non-Transparent: Unclear whether vendor has actual knowledge that personal information from users under 13 years of age is collected.
    • Does: Vendor does have actual knowledge that personal information from users under 13 years of age is collected.
    • Does Not: Vendor does not have actual knowledge that personal information from users under 13 years of age is collected.

11.1.2: COPPA Notice

Do the policies clearly indicate whether or not the vendor describes: (1) what information is collected from children under 13 years of age, (2) how that information is used, and (3) its disclosure practices for that information?

  • Statements
    • Unanswered: Did not evaluate whether children's privacy is applicable.
    • Non-Transparent: Unclear whether children's privacy is applicable.
    • Does: Children's privacy is applicable.
    • Does Not: Children's privacy is not applicable.

11.1.3: Restrict Account

Do the policies clearly indicate whether or not the vendor prohibits creating an account for a child under 13 years of age?

  • Statements
    • Unanswered: Did not evaluate whether this product restricts account creation for users under 13 years of age.
    • Non-Transparent: Unclear whether this product restricts account creation for users under 13 years of age.
    • Does: Account creation is restricted for users under 13 years of age.
    • Does Not: Account creation is not restricted for users under 13 years of age.

11.1.4: Restrict Purchase

Do the policies clearly indicate whether or not the vendor restricts in-app purchases for a child under 13 years of age?

  • Statements
    • Unanswered: Did not evaluate whether this product restricts in-app purchases for users under 13 years of age.
    • Non-Transparent: Unclear whether this product restricts in-app purchases for users under 13 years of age.
    • Does: Vendor does restrict in-app purchases for users under 13 years of age.
    • Does Not: Vendor does not restrict in-app purchases for users under 13 years of age.

11.1.5: Safe Harbor

Do the policies clearly indicate whether or not the product participates in an FTC-approved COPPA safe harbor program?

  • Statements
    • Unanswered: Did not evaluate whether the vendor participates in an FTC-approved COPPA safe harbor program.
    • Non-Transparent: Unclear whether the vendor participates in an FTC-approved COPPA safe harbor program.
    • Does: The vendor participates in an FTC-approved COPPA safe harbor program.
    • Does Not: The vendor does not participate in an FTC-approved COPPA safe harbor program.

11.2: Students in K–12

11.2.1: School Purpose (BASIC)

Do the policies clearly indicate whether or not the product is primarily used, designed, and marketed for preschool or K-12 school purposes?

  • Statements
    • Unanswered: Did not evaluate whether this product is primarily used by, designed for, and marketed toward students in grades preK–12.
    • Non-Transparent: Unclear whether this product is primarily used by, designed for, and marketed toward students in grades preK–12.
    • Does: Product is primarily used by, designed for, and marketed toward students in grades preK–12.
    • Does Not: Product is not primarily used by, designed for, and marketed toward students in grades preK–12.

11.2.2: Education Records

Do the policies clearly indicate the process by which education records are entered into the product? For example, are data entered by district staff, school employees, parents, teachers, students, or some other person?

  • Statements
    • Unanswered: Did not evaluate whether the product creates education records.
    • Non-Transparent: Unclear whether the product creates education records.
    • Transparent: Product does create education records.

11.2.3: School Contract

Do the policies clearly indicate whether or not the vendor provides a contract to a Local Educational Agency (LEA) or otherwise provides notice to users of additional rights?

  • Statements
    • Unanswered: Did not evaluate whether this product provides notification of a contract or additional rights.
    • Non-Transparent: Unclear whether this product provides notification of a contract or additional rights.
    • Does: Notification of a contract or additional rights is provided.
    • Does Not: Notification of a contract or additional rights is not provided.

11.2.4: School Official

Do the policies clearly indicate whether or not the vendor is under the direct control of the educational institution and designates themselves a 'School Official' under FERPA?

  • Statements
    • Unanswered: Did not evaluate whether this product designates the vendor as a school official.
    • Non-Transparent: Unclear whether this product designates the vendor as a school official.
    • Does: Vendor is designated as a school official.
    • Does Not: Vendor is not designated as a school official.

Do the policies clearly indicate whether or not the vendor or third party obtains verifiable parental consent before they collect or disclose personal information?

  • Statements
    • Unanswered: Did not evaluate whether this product requires parental consent.
    • Non-Transparent: Unclear whether this product requires parental consent.
    • Does: Parental consent is required.
    • Does Not: Parental consent is not required.

Do the policies clearly indicate whether or not a parent can consent to the collection and use of their child's personal information without also consenting to the disclosure of the information to third parties?

  • Statements
    • Unanswered: Did not evaluate whether this product limits parental consent with respect to third parties.
    • Non-Transparent: Unclear whether this product limits parental consent with respect to third parties.
    • Does: Parental consent is limited with respect to third parties.
    • Does Not: Parental consent is not limited with respect to third parties.

Do the policies clearly indicate whether or not the vendor responds to a request from a parent or guardian to prevent further collection of their child's information?

  • Statements
    • Unanswered: Did not evaluate whether this product allows parents to withdraw consent for the further collection of their child's information.
    • Non-Transparent: Unclear whether this product allows parents to withdraw consent for the further collection of their child's information.
    • Does: Parents can withdraw consent for the further collection of their child's information.
    • Does Not: Parents cannot withdraw consent for the further collection of their child's information.

11.3.4: Delete Child-PII

Do the policies clearly indicate whether or not the vendor deletes personal information from a student or child under 13 years of age if collected without parental consent?

  • Statements
    • Unanswered: Did not evaluate whether this product deletes children's personal information if collected without parental consent.
    • Non-Transparent: Unclear whether this product deletes children's personal information if collected without parental consent.
    • Does: Children's personal information is deleted if collected without parental consent.
    • Does Not: Children's personal information is not deleted if collected without parental consent.

Do the policies clearly indicate whether or not the vendor provides notice to parents or guardians of the methods to provide verifiable parental consent under COPPA?

  • Statements
    • Unanswered: Did not evaluate whether this product provides parental consent notice and method for submission.
    • Non-Transparent: Unclear whether this product provides parental consent notice and method for submission.
    • Does: Parental consent notice and method for submission are provided.
    • Does Not: Parental consent notice and method for submission are not provided.

11.3.6: Internal Operations

Do the policies clearly indicate whether or not the vendor can collect and use personal information from children without parental consent to support the 'internal operations' of the vendor's product?

  • Statements
    • Unanswered: Did not evaluate whether the vendor can use collected information to support the “internal operations” of the product.
    • Non-Transparent: Unclear whether the vendor can use collected information to support the “internal operations” of the product.
    • Does: The vendor can use collected information to support the “internal operations” of the product.
    • Does Not: The vendor cannot use collected information to support the “internal operations” of the product.

11.3.7: COPPA Exception

Do the policies clearly indicate whether or not the vendor collects personal information from children without verifiable parental consent for the sole purpose of trying to obtain consent under COPPA?

  • Statements
    • Unanswered: Did not evaluate whether this product discloses COPPA parental consent exceptions.
    • Non-Transparent: Unclear whether this product indicates COPPA parental consent exceptions.
    • Does: COPPA parental consent exceptions are indicated.
    • Does Not: COPPA parental consent exceptions are not indicated.

11.3.8: FERPA Exception

Do the policies clearly indicate whether or not the vendor may disclose personal information without verifiable parental consent under a FERPA exception?

  • Statements
    • Unanswered: Did not evaluate whether the vendor indicates FERPA parental consent exceptions.
    • Non-Transparent: Unclear whether the vendor indicates FERPA parental consent exceptions.
    • Does: FERPA parental consent exceptions are indicated.
    • Does Not: FERPA parental consent exceptions are not indicated.

11.3.9: Directory Information

Do the policies clearly indicate whether or not the vendor discloses student information as 'Directory Information' under a FERPA exception?

  • Statements
    • Unanswered: Did not evaluate whether this product discloses directory information.
    • Non-Transparent: Unclear whether this product discloses directory information.
    • Does: Directory information is disclosed.
    • Does Not: Directory information is not disclosed.

Do the policies clearly indicate whether or not responsibility or liability for obtaining verified parental consent is transferred to the school or district?

  • Statements
    • Unanswered: Did not evaluate whether this product transfers parental consent obligations to the school or district.
    • Non-Transparent: Unclear whether this product transfers parental consent obligations to the school or district.
    • Does: Parental consent obligations are transferred to the school or district.
    • Does Not: Parental consent obligations are not transferred to the school or district.

11.4.1: Policy Jurisdiction

Do the policies clearly indicate the vendor's jurisdiction that applies to the construction, interpretation, and enforcement of the policies?

  • Statements
    • Unanswered: Did not evaluate whether the legal jurisdiction that applies to the laws governing any dispute is indicated.
    • Non-Transparent: The legal jurisdiction that applies to the laws governing any dispute is not indicated.
    • Transparent: The legal jurisdiction that applies to the laws governing any dispute is indicated.

11.4.2: Dispute Resolution

Do the policies clearly indicate whether or not the vendor requires a user to waive the right to a jury trial, or settle any disputes by Alternative Dispute Resolution (ADR)?

  • Statements
    • Unanswered: Did not evaluate whether a user is required to waive the right to a jury trial, or settle any disputes by arbitration.
    • Non-Transparent: Unclear whether a user is required to waive the right to a jury trial, or settle any disputes by arbitration.
    • Does: A user is required to waive the right to a jury trial, or settle any disputes by arbitration.
    • Does Not: A user is not required to waive the right to a jury trial, or settle any disputes by arbitration.

11.4.3: Class Waiver

Do the policies clearly indicate whether or not the vendor requires the user to waive their right to join a class action lawsuit?

  • Statements
    • Unanswered: Did not evaluate whether a user is required to waive the right to join a class action lawsuit.
    • Non-Transparent: Unclear whether a user is required to waive the right to join a class action lawsuit.
    • Does: A user is required to waive the right to join a class action lawsuit.
    • Does Not: A user is required to waive the right to join a class action lawsuit.

11.4.4: Law Enforcement

Do the policies clearly indicate whether or not the vendor can use or disclose a user's data under a requirement of applicable law to comply with a legal process, to respond to governmental requests, to enforce their own policies, for assistance in fraud detection and prevention, or to protect the rights, privacy, safety or property of the vendor, its users, or others?

  • Statements
    • Unanswered: Did not evaluate whether a vendor will disclose personal information to law enforcement.
    • Non-Transparent: Unclear whether a vendor will disclose personal information to law enforcement.
    • Does: A vendor will disclose personal information to law enforcement.
    • Does Not: A vendor will not disclose personal information to law enforcement.

11.5: Certification

11.5.1: Privacy Badge

Do the policies clearly indicate whether or not the vendor has signed any privacy pledges or received any other privacy certifications?

  • Statements
    • Unanswered: Did not evaluate whether the vendor has signed a privacy pledge or received a privacy certification.
    • Non-Transparent: Unclear whether the vendor has signed a privacy pledge or received a privacy certification.
    • Does: The vendor has signed a privacy pledge or received a privacy certification.
    • Does Not: The vendor has not signed a privacy pledge or received a privacy certification.

11.6: International Laws

11.6.1: GDPR Jurisdiction

Do the policies clearly indicate whether or not a user's data are subject to International data transfer or jurisdiction laws, such as a privacy shield or a safe harbor framework that protects the cross-border transfer of a user's data?

  • Statements
    • Unanswered: Did not evaluate whether a user's data are subject to International data transfer or jurisdiction laws, such as the GDPR.
    • Non-Transparent: Unclear whether a user's data are subject to International data transfer or jurisdiction laws, such as the GDPR.
    • Does: A user's data are subject to International data transfer or jurisdiction laws, such as the GDPR.
    • Does Not: A user's data are not subject to International data transfer or jurisdiction laws, such as the GDPR.

11.6.2: GDPR Role

Do the policies clearly indicate whether or not the vendor is categorized as a Data Controller or a Data Processor, and whether it has identified a Data Protection Officer (DPO) for the purposes of GDPR compliance?

  • Statements
    • Unanswered: Did not evaluate whether the vendor has indicated it is a Data Controller or Data Processor.
    • Non-Transparent: Unclear whether the vendor has indicated it is a Data Controller or Data Processor.
    • Does: The vendor has indicated it is a Data Controller or Data Processor.
    • Does Not: The vendor has not indicated it is a Data Controller or Data Processor.